Safe error attacks (SEA) are one of the most powerful fault injection mechanisms used to gain the knowledge of secret data stored inside hardware. Its simplicity makes the attack very effective, the whole procedure can be summarized as follows.
Assume the implementation of a block cipher is under attack. The implementation executes an encryption operation, producing the result c=ENC(p,k), where c is a ciphertext, p is a plaintext, and k is a secret key. Assume the secret key is stored in memory and the attacker has means to learn the physical location of the individual bits of the key. Assume further that the attacker is capable of forcing individual memory bits to zero (the same discussion holds for setting the bits to one). Next, the attacker runs an encryption and observes the result, i.e., ciphertext c. The attacker then locates the most significant bit of the secret key, denoted as k[MSB], forces this bit to zero, and observes the new result. If the result changes, the attacker learns that k[MSB] has been holding a value of logical one before the change. If the result stays unchanged, the attacker learns that the logical bit was zero before the fault attempt. In either case, only with a single trial, the attacker learns one bit of information about the secret key. The same procedure is then applied for all the other key bits until the whole key is revealed.